Countermeasure against estimation-based attacks of spread-spectrum watermarks

ABSTRACT

Described herein is a technology for facilitating watermark detection. Spread-spectrum watermarking is a commonly employed technique for hiding data in digital goods (e.g., multimedia signals). Such watermarks may be potentially vulnerable to so-called “watermark estimation-based attacks.” At least one implementation, described herein, is an advancement over the traditional spread-spectrum watermark detector. At least one implementation, described herein, greatly discourages an estimation-based attack by an adversary. At least one implementation, described herein, determines whether a digital good has likely been subjected to an estimation-based attack and, at least, approximately reverses such attack. The scope of the present invention is pointed out in the appending claims.

TECHNICAL FIELD

[0001] This invention generally relates to a technology for facilitatingwatermark detection.

BACKGROUND

[0002] Digital goods are often distributed to consumers over private andpublic networks—such as Intranets and the Internet. In addition, thesegoods are distributed to consumers via fixed computer readable media,such as a compact disc (CD-ROM), digital versatile disc (DVD), softmagnetic diskette, or hard magnetic disk (e.g., a preloaded hard drive).

[0003] Unfortunately, it is relatively easy for a person to pirate thepristine digital content of a digital good at the expense and harm ofthe content owners—which includes the content author, publisher,developer, distributor, etc. The content-based industries (e.g.,entertainment, music, film, etc.) that produce and distribute contentare plagued by lost revenues due to digital piracy.

[0004] Modern digital pirates effectively rob content owners of theirlawful compensation. Unless technology provides a mechanism to protectthe rights of content owners, the creative community and culture will beimpoverished.

[0005] “Digital goods” is a generic label for electronically stored ortransmitted content. Examples of digital goods include images, audioclips, video, multimedia, software, and data. Digital goods may also becalled a “digital signal,” “content signal,” “digital bitstream,” “mediasignal,” “digital object,” “object,” and the like.

[0006] Watermarking

[0007] Watermarking is one of the most promising techniques forprotecting the content owner's rights of a digital good. Generally,watermarking is a process of altering the digital good such that itsperceptual characteristics are preserved. More specifically, a“watermark” is a pattern of bits inserted into a digital good that maybe used to identify the content owners and/or the protected rights.

[0008] Generally, watermarks are designed to be invisible or, moreprecisely, to be imperceptible to humans and statistical analysis tools.

[0009] A watermark embedder (i.e., encoder) is used to embed a watermarkinto a digital good. A watermark detector is used to detect (or extract)the watermark in the watermarked digital good. Watermark detection isoften performed in real-time even on small devices.

[0010] Conventional Watermarking Technology

[0011] Conventional technologies for watermarking media signals rely onthe imperfections of human perceptions (e.g., the human auditory system(HAS) or the human visual system (HVS)). For example, in the realm ofaudio signals, several conventional secret hiding techniques explore thefact that the HAS is insensitive to small amplitude changes—either inthe time or frequency domains—as well as insertion of low-amplitudetime-domain echoes.

[0012] The watermark can be regarded as an additive signal w, whichcontains the encoded and modulated watermark message b under constraintson the introduced perceptible distortions given by a mask M so that:

y=x+w(M).

[0013] Commonly-used conventional watermark embedding techniques can beclassified into spread-spectrum (SS) (which is often implemented usingadditive or multiplicative techniques) and quantization-based (e.g.,quantization index modulation (QIM)) schemes.

[0014] Those of ordinary skill in the art are familiar with conventionaltechniques and technology associated with watermarks, watermarkembedding, and watermark detecting.

[0015] Robustness

[0016] In most watermarking applications, the marked goods are likely tobe processed in some way before it reaches the watermark receiver. Theprocessing could be lossy compression, signal enhancement, ordigital-to-analog (D/A) and analog-to-digital (A/D) conversion. Anembedded watermark may unintentionally or inadvertently be impaired bysuch processing. Other types of processing may be applied with theexplicit goal of hindering watermark reception. This is an attack on thewatermark (or the watermarked good) by a so-called adversary.

[0017] In watermarking terminology, an attack may be thought of as anyprocessing that may impair detection of the watermark or communicationof the information conveyed by the watermark or intends to do so. Theprocessed watermarked goods may be then called attacked goods.

[0018] Of course, key aspect of a watermarking technology is itsrobustness against attacks. The notion of robustness is intuitivelyclear to those of ordinary skill in the art: A watermark is robust if itcannot be impaired without also rendering the attacked goods lessuseful.

[0019] Watermark impairment can be measured by several criteria, forexample: miss probability, probability of bit error, or channelcapacity. For multimedia, the usefulness of the attacked data can begauged by considering its perceptual quality or distortion. Hence,robustness may be evaluated by simultaneously considering watermarkimpairment and the distortion of the attacked good.

[0020] Estimation-Based Attack

[0021] To accomplish an estimation-based attack, the adversary is ableestimate—at least partially—the original good or the watermark from thewatermarked good using some knowledge of the goods' statistics. Anestimation-based attack does not need any knowledge of the secret keyused for watermark embedding. Furthermore, knowledge of the embeddingrule is not required; however, the attack may be more successful withit.

[0022] Depending on the final purpose of the attack, the adversary mayobtain an estimate of the original good or of the watermark based onsome stochastic criteria such as maximum likelihood (ML), maximum aposteriori probability (MAP), or minimum mean square error (MMSE).Depending on the way the estimate is used, these attacks may beclassified as one of various forms of attacks, such as a removal attack,a protocol attack, or a desynchronization attack.

[0023] Framework to Thwart Estimation-Based Attacks

[0024] Accordingly, it is a challenge to create a framework to thwartestimation-based attacks. It is desirable for such a framework toincrease watermark robustness with respect to estimation-based attacks.Furthermore, it desirable for such a framework to do so when theadversary knows all the details how the watermark is embedded except thehidden secret.

SUMMARY

[0025] Described herein is a technology for facilitating watermarkdetection.

[0026] Spread-spectrum watermarking is a commonly employed technique forhiding data in digital goods (e.g., multimedia signals). Such watermarksare conventionally considered strongly robust, particularly with respectto blind, Stirmark-like, signal processing attacks. However, suchwatermarks may be potentially vulnerable to so-called “watermarkestimation-based attacks.”

[0027] At least one implementation, described herein, is an advancementover the traditional spread-spectrum watermark detector. At least oneimplementation, described herein, greatly discourages anestimation-based attack by an adversary. At least one implementation,described herein, determines whether a good has likely been subjected toan estimation-based attack and, at least, approximately reverses suchattack.

[0028] This summary itself is not intended to limit the scope of thispatent. Moreover, the title of this patent is not intended to limit thescope of this patent. For a better understanding of the presentinvention, please see the following detailed description and appendingclaims, taken in conjunction with the accompanying drawings. The scopeof the present invention is pointed out in the appending claims.

BRIEF DESCRIPTION OF THE DRAWINGS

[0029] The same numbers are used throughout the drawings to referencelike elements and features.

[0030]FIG. 1 illustrates a digital-goods-production-and-distributionsystem which may employ (wholly or partially) an implementationdescribed herein.

[0031] FIGS. 2A-2B are graphs illustrating an example of a probabilitydistribution function (PDF) of a marked signal, e.g., pdf({tilde over(y)}).

[0032]FIG. 2C is a graph illustrating an example of a decomposition of aPDF of the marked signal (of FIGS. 2A-2B) after an estimation-basedattack, e.g., pdf({tilde over (z)}).

[0033]FIG. 2D is a graph illustrating an example of a decomposition of aPDF of the attacked signal (of FIG. 2C) after being processed usingtechniques of an implementation described herein.

[0034]FIG. 3 is a graph illustrating an example of a composition of theattacked signal, pdf({tilde over (z)}), of FIG. 2C.

[0035]FIG. 4 is a flow diagram showing a methodological implementationdescribed herein.

[0036]FIG. 5 is an example of a computing operating environment capableof implementing at least one embodiment (wholly or partially) describedherein.

DETAILED DESCRIPTION

[0037] In the following description, for purposes of explanation,specific numbers, materials and configurations are set forth in order toprovide a thorough understanding of the present invention. However, itwill be apparent to one skilled in the art that the present inventionmay be practiced without the specific exemplary details. In otherinstances, well-known features are omitted or simplified to clarify thedescription of the exemplary implementations of present invention,thereby better explain the present invention. Furthermore, for ease ofunderstanding, certain method steps are delineated as separate steps;however, these separately delineated steps should not be construed asnecessarily order dependent in their performance.

[0038] The following description sets forth one or more exemplaryimplementations of a Countermeasure against Estimation-based Attacks ofSpread-Spectrum Watermarks that incorporate elements recited in theappended claims. These implementations are described with specificity inorder to meet statutory written description, enablement, and best-moderequirements. However, the description itself is not intended to limitthe scope of this patent.

[0039] The inventors intend these exemplary implementations to beexamples. The inventors do not intend these exemplary implementations tolimit the scope of the claimed present invention. Rather, the inventorshave contemplated that the claimed present invention might also beembodied and implemented in other ways, in conjunction with otherpresent or future technologies.

[0040] An example of an embodiment of a Countermeasure againstEstimation-based Attacks of Spread-Spectrum Watermarks may be referredto as an “exemplary countermeasure.”

[0041] Introduction

[0042] The exemplary countermeasure may be implemented on computingsystems and computer networks like that show in FIG. 5. Although theexemplary countermeasure may have many applications, digital rightsmanagement is an example of a particular application.

[0043] Spread-spectrum watermarking is a commonly employed technique forhiding data in digital goods (e.g., multimedia signals). Such watermarksare conventionally considered strongly robust, particularly with respectto blind, Stirmark-like, signal processing attacks. However, suchwatermarks may be potentially vulnerable to so-called “watermarkestimation-based attacks.” When launching an estimation-based attacksuccessfully, it is not uncommon for an adversary to be aware of how awatermark is embedded, but not know the hidden secret or key.

[0044] The exemplary countermeasure introduces an advancement to thetraditional spread-spectrum watermark detector. The exemplarycountermeasure greatly discourages an estimation-based attack by anadversary. The exemplary countermeasure determines whether a good haslikely been subjected to an estimation-based attack and, at least,approximately reverses such attack.

[0045] Ideally, with the exemplary countermeasure, the adversary isforced to add an amount of noise equal or greater in proportion to theamplitude of the recorded good in order to successfully impair (e.g.,remove) a spread-spectrum watermark. Doing so greatly affects theperceptible quality of the good and results in poor quality goods.Consequently, the effectiveness of watermark estimation-based attacks issignificantly reduced.

[0046] Digital Goods Production and Distribution System EmployingWatermarks

[0047]FIG. 1 shows an example of adigital-goods-production-and-distribution system 20. The exemplarycountermeasure may be employed as part of such a system.

[0048] The digital-goods-production-and-distribution system 20 has acontent producer/provider 22 that produces original musical content anddistributes the content over a network 24 to a client 26. The contentproducer/provider 22 has a content storage 30 to store digitaldatastreams of original content. The content producer 22 has a watermarkencoding system 32 to sign the datastream with a watermark thatidentifies the content as original. The watermark encoding system 32 maybe implemented as a standalone process or incorporated into otherapplications or an operating system.

[0049] Typically, a watermark is an array of bits generated using acryptographically secure pseudo-random bit generator and an errorcorrection encoder. The pseudo-randomness of each watermark is providedby initiating the bit generator with a key unique to each contentpublisher. The watermark is embedded into a digital good by altering itsfrequency magnitudes such that the perceptual characteristics of theoriginal recording are preserved. Each magnitude in the frequencyspectrum is altered according to the appropriate bit in the watermark.

[0050] The watermark encoding system 32 applies the watermark to anoriginal digital good from the content storage 30. Typically, thewatermark identifies the content producer 22, providing a signature thatis embedded in the original good and cannot be removed. The watermark isdesigned to survive all typical kinds of processing, includingcompression, equalization, D/A and A/D conversion, recording on analogtape, and so forth. It is also designed to survive malicious attacksthat attempt to remove the watermark from the good, including changes intime and frequency scales, pitch shifting, and cut/paste editing.

[0051] The content producer/provider 22 has a distribution server 34that streams the watermarked content over the network 24 (e.g., theInternet). A datastream with a watermark embedded therein represents toa recipient that the stream is being distributed in accordance with thecopyright authority of the content producer/provider 22. The server 34may further compress and/or encrypt the content conventional compressionand encryption techniques prior to distributing the content over thenetwork 24.

[0052] The client 26 is equipped with a processor 40, a memory 42, andone or more media output devices 44. The processor 40 runs various toolsto process the datastream, such as tools to decompress the stream,decrypt the date, filter the content, and/or apply media controls (tone,volume, color, etc.). The memory 42 stores an operating system 50 (suchas the Microsoft® Windows 2000® operating system), which executes on theprocessor. The client 26 may be embodied in a many different ways,including a computer, a handheld entertainment device, a set-top box, atelevision, an audio appliance, and so forth.

[0053] The operating system 50 implements a client-side watermarkdetecting system 52 to detect watermarks in the datastream. Theexemplary countermeasure may be implemented as part of the watermarkdetecting system 52 or as a front-end to such a system. If the watermarkis present, the client can identify its copyright and other associatedinformation.

[0054] In the case of a multimedia datastream, the operating system 50implements a media player 54 to facilitate play of the multimediacontent through the media output device(s) 44 (e.g., sound card,speakers, displays, etc.).

[0055] The operating system 50 and/or processor 40 may be configured toenforce certain rules imposed by the content producer/provider (orcopyright owner). For instance, the operating system and/or processormay be configured to reject fake or copied content that does not possessa valid watermark. In another example, the system could play unverifiedcontent with a reduced level of fidelity.

[0056] Traditional Spread-Spectrum Watermarking

[0057] Consider a media good (i.e., a digital good) to be watermarked{tilde over (x)}∈

^(N). It can be modeled as a random vector, where each element x_(i) of{tilde over (x)} is a normal independent identically distributed(i.i.d.) random variable with standard deviation σ_(x) (i.e., x_(j)˜

(0, σ_(x))).

[0058] A watermark may be defined as a spread-spectrum sequence {tildeover (w)}, which is a vector pseudo-randomly generated in {tilde over(w)}∈(±1}^(N) Each element w_(j) is usually called a “chip.” Often,watermark chips are generated such that they are mutually independentwith respect to the original digital good {tilde over (x)}. The markeddigital goody is created by vector addition {tilde over (y)}={tilde over(x)}+{tilde over (w)}. Typically, signal variance σ_(x) ² directlyimpacts the security of the scheme: the higher the variance, the moresecurely information can be hidden in the digital good.

[0059] Let {tilde over (p)}·{tilde over (q)} denote the normalized innerproduct of vectors {tilde over (p)} and {tilde over (q)} (i.e. {tildeover (p)}·{tilde over (q)}≡N⁻¹Σp_(j)q_(j), with w²≡{tilde over(p)}²={tilde over (p)}·{tilde over (p)}. For example, for {tilde over(w)} as defined above we have {tilde over (w)}²=1. Typically, thewatermark is detected by correlating (or matched filtering) a givendigital good vector {tilde over (z)} with the watermark {tilde over(w)}: $\begin{matrix}{{C\left( {\overset{\sim}{z},\quad \overset{\sim}{w}} \right)} = {{\overset{\sim}{z} \cdot \overset{\sim}{w}} = {{E\left\lbrack {\overset{\sim}{z} \cdot \overset{\sim}{w}} \right\rbrack} + {{\left( {0,\quad \frac{\sigma_{x}}{\sqrt{N}}} \right).}}}}} & (1.1)\end{matrix}$

[0060] Under no malicious attacks or other signal modifications, if thedigital good {tilde over (z)} has been marked, then E[{tilde over(z)}·{tilde over (w)}]=1, else E[{tilde over (z)}·{tilde over (w)}]=0.The detector decides that the watermark is present if C({tilde over(z)}, {tilde over (w)})>τ, where τ is a detection threshold thatcontrols the tradeoff between the probabilities of false positive andfalse negative decisions.

[0061] From modulation and detection theory, those of ordinary skill inthe art will see that under the condition that {tilde over (x)} and{tilde over (w)} are i.i.d. goods (e.g., signals), such a detector isoptimal. Finally, the probability P_(FA) that the detection decision isa false alarm is quantified as: $\begin{matrix}{P_{FA} = {{\Pr \left\lbrack {{C\left( {\overset{\sim}{z},\quad \overset{\sim}{w}} \right)} \geq \tau} \middle| \left( {\overset{\sim}{z} = \overset{\sim}{x}} \right) \right\rbrack} = {\frac{1}{2}{{erfc}\left( \frac{\tau \sqrt{N}}{\sigma_{x}\sqrt{2}} \right)}}}} & (1.2)\end{matrix}$

[0062] and the probability P_(MD) that the detection decision is amisdetection is quantified as: $\begin{matrix}{P_{MD} = {{\Pr \left\lbrack {{C\left( {\overset{\sim}{z},\quad \overset{\sim}{w}} \right)} \geq \tau} \middle| \left( {\overset{\sim}{z} = {\overset{\sim}{x} + \overset{\sim}{w}}} \right) \right\rbrack} = {\frac{1}{2}{{erfc}\left( \frac{\left( {{E\left\lbrack {\overset{\sim}{z},\quad \overset{\sim}{w}} \right\rbrack} - \tau} \right)\sqrt{N}}{\sigma_{x}\sqrt{2}} \right)}}}} & (1.3)\end{matrix}$

[0063] Direct application of traditional spread-spectrum watermarking asa data hiding tool is vulnerable to attacks from an adversary.

[0064] For example, a standard, traditional spread-spectrum watermarkeddigital good is vulnerable to geometric transformations of the good thataim at desynchronizing {tilde over (w)} with respect to its location inthe marked content. With audio content, for example, such attacks areindependent time and pitch scaling with added fluctuations (i.e.,wow-and-flutter, cropping and pasting, etc.). Only a slight misalignmentof the involved vectors is likely to generate an incorrect detectiondecision.

[0065] Estimation-Based Attack of Spread-Spectrum Watermarks

[0066] A traditional spread-spectrum watermark is venerable to anestimation-based attack. An adversary may estimate the embeddedwatermark or the original digital good. Armed with this estimate, theadversary may impair the watermark by, for example, removing it.

[0067] If an adversary knows all details of how the watermark isembedded, except for the watermark {tilde over (w)} itself, theadversary can compute the watermark estimate {tilde over (v)} from onemarked digital good or multiple goods with the same mark. The adversarymay then amplify the watermark estimate {tilde over (v)} with a factorα>1, and then subtract the amplified attack vector from the markedcontent {tilde over (y)}.

[0068] The result is an attacked digital good {tilde over (z)} with theestimated watermark removed:

{tilde over (z)}={tilde over (y)}−α{tilde over (v)}  (1.4)

[0069] The estimation attack adds noise (in Equation (1.4), it is−α{tilde over (v)}) to the marked digital good. It is likely, that atleast part of this noise is an accurate estimate of the watermark.Therefore, this noise at least partially reverses the effect of thewatermarking process. In so doing, this noise may impair detection ofthe watermark.

[0070] Exemplary Countermeasure to an Estimation-Based Attack

[0071] The exemplary countermeasure provides an effective remedy for anestimation-based attack, like that shown in Equation (1.4). Hopefully,an adversary will be forced to substantially and perceptually distortthe digital good to avoid the exemplary countermeasure.

[0072] With the exemplary countermeasure, the effects of anestimation-based attack are approximately reversed. Alternatively, thismay be called approximately “undoing” the attack. As part of this“undoing,” the exemplary countermeasure estimates the digital goodcoefficient y_(i) from the attacked digital good z_(i).

[0073] Mathematically, the undo operator of the exemplary countermeasureis U(z_(i),α), where z_(i),α∈

, is defined as follows: $\begin{matrix}{u_{i} = {{U\left( {z_{i},\quad \alpha} \right)} = \left\{ \begin{matrix}\left. {z_{i} + {{{\alpha sign}\left( z_{i} \right)},}}\quad \middle| z_{i} \middle| {> {2\alpha}} \right. \\\left. {z_{i} - {{{\alpha sign}\left( z_{i} \right)},}}\quad \middle| z_{i} \middle| {\leq {2\alpha}} \right.\end{matrix} \right.}} & (1.5)\end{matrix}$

[0074] Given a digital good coefficient z_(i) created using anestimation-based attack as z_(i)=y_(i)−αsign(y_(i)), where y_(i) is aweighted sum y_(i)=x_(i)+δw_(i) of a normal zero-mean i.i.d. variablex_(i) and a spread-spectrum sequence chip w_(i) and α≧δ, optimalestimation u_(i) of the digital good y_(i) such that E[|u_(i)−y_(i)|] isminimal, is given using the undo operator u_(i)=U(z_(i),α).

[0075] Probability Distribution Function (PDF)

[0076] FIGS. 2A-2D illustrate the positive and negative probabilitydistribution function (PDF) of goods (e.g., signals). Those who areskilled in the art are familiar with PDFs of a digital good. For thepurposes of illustration, the arrows on the x and y axes indicatepositive directions. In FIGS. 2A-2D, the positive directions are fromdown-to-up and from left-to-right.

[0077]FIG. 2A illustrates the positive and negative PDF of the marked{tilde over (y)}, which may be labeled pdf({tilde over (y)}) or PDF 210,herein. As is typical of a Gaussian distribution, the shape of theillustrated pdf({tilde over (y)}) is the familiar bell-shaped curve.Often, the marked digital good {tilde over (y)} has a slight bump ordimple at its apex when compared to the unmarked digital good {tildeover (x)} (not shown).

[0078]FIG. 2B illustrates the same pdf({tilde over (y)}) as FIG. 2A, butthe positive half 220 and negative half 240 of the curve are hatcheddifferently to distinguish them from each other in this figure and thenext.

[0079] One of the effects of attacking a digital good with anestimation-based attack is that the positive and negative halfs of thePDF are shifted. More precisely and as shown in FIG. 2C, the positivehalf 220 and negative half 240 of pdf({tilde over (y)}) are shifted adistance of α against the sign of {tilde over (y)}.

[0080] According the Equation (1.4), the attacked digital good {tildeover (z)} is produced by modifying the marked digital good {tilde over(y)} by a scaled estimated watermark {tilde over (v)}. The estimatedwatermark {tilde over (v)} tends to be quiet small relative to the othergoods. The scaling factor for the estimated watermark is α.

[0081] Therefore, the PDF of the attacked digital good, pdf({tilde over(z)}), may be approximated as the shifting of the positive half 220 adistance of α against the sign of {tilde over (y)} and the shifting ofthe negative half 240 of pdf({tilde over (y)})a distance of α againstthe sign of {tilde over (y)}.

[0082] Estimation-Based Attack: Shifting of PDF Halves

[0083]FIG. 2C illustrates a deconstruction of pdf({tilde over (z)})using the two halves 220 and 240 of pdf({tilde over (y)}) of FIG. 2B.This figure helps demonstrate the approximate effects of anestimation-based attack. It does so by showing how the pdf({tilde over(z)}) produced by the attack may be represented as moving the positivehalf 220 and negative half 240 of pdf({tilde over (y)}) of FIG. 2B.

[0084] In FIG. 2C, positive half 220 has been moved a distance of −α andacross the zero point of y. Therefore, part of positive half 220 existsin the negative portion of y. Likewise, negative half 240 has been moveda distance of +α and across the zero point of y. Therefore, part of thenegative half 240 exists in the positive portion of y.

[0085] The overlapping region 230 of positive half 220 and negative half240 is shown as cross-hatched in FIG. 2C. Tail 222 of the positive half220 is the trailing portion that is not overlapped by negative half 240.Similarly, tail 242 of the negative half 240 is the trailing portionthat is not overlapped by positive half 220.

[0086] “Undoing” an Estimation-Based Attack: Shifting Back

[0087] Using the undo operator described in Equation (1.5), theexemplary countermeasure largely counteracts the effects of the attackand substantially retrieves the values of the original digital good:{tilde over (y)}:∀(y_(i)>2α),u_(i)=y_(i). In other words, the exemplarycountermeasure “undoes” the effect of the attack by “moving” selectedportions of the attacked digital good (pdf({tilde over (z)})) againstthe likely direction of the attack.

[0088]FIG. 2D illustrates an example of the effect of thatcountermeasure. It shows a decomposed PDF of the “undone” digital good ũ(i.e., pdf(ũ)), where digital good ũ is the result of an undo operator,such as that of Equation (1.5).

[0089] Tails 222 and 242 are moved away from the x axis. They are moveda distance of ±α. Since the shape of these tails remain virtuallyunchanged by an estimation-based attack, the exemplary countermeasuremay move them back to their likely position for the pdf({tilde over(y)}).

[0090] Little can be determined from the overlap region 230 (shown inFIG. 2C) because both halves 220 and 240 overlap, as the name suggests.However, wedge 224 of the positive half 220 and wedge 244 of thenegative half 240 remain intact. The exemplary countermeasure may selecteach wedge and move them back to their likely position for thepdf({tilde over (y)}), which is on the other side of x axis. Each wedgeis moved a distance of ±α towards the x axis.

[0091] Then, the exemplary countermeasure may determine (viaextrapolation, interpolation, and such) the curve 226 between the tail222 and wedge 224. Similarly, the curve 246 between the tail 242 andwedge 244 may be determined.

[0092] Approximation of PDF of Original Digital Good {tilde over (y)}

[0093] The resulting pdf(ũ)—for which, an example is shown in FIG. 2D—isan approximation of the original pdf({tilde over (y)}). In other words,pdf(ũ)≅pdf({tilde over (y)}). Thus, the estimation-based attack iseffectively “undone.” Based upon this resulting pdf(ũ), a watermarkdetector may now detect and/or determine the original embedded watermark{tilde over (w)}.

[0094] In this implementation, the exemplary countermeasure may beviewed at a front-end that processes the incoming digital good. It mayfirst analyze the digital good to determine if was likely to have beensubject to an estimation attack. If it is determined to be so, then itmay employ an undo operator, such as that of Equation (1.5). After that,the resulting digital good may be provided to the watermark detector.

[0095] Determining Likelihood of Attack

[0096]FIG. 3 illustrates an example of a composed PDF 310 of a digitalgood after an estimation-based attack. Upon analyzing the PDF 310 of thedigital good, the exemplary countermeasure can estimate the likelihoodthat the digital good was the subject of an attack by analyzingempirical characteristics of an attacked digital good.

[0097] For example, the PDF of an attacked digital good (such as PDF310) typically has a shape that may be described cratered tower with atapered base. The shape is akin to a cratered version of the famous“Devils Tower” of the Devils Tower National Monument (located innortheastern Wyoming). This shape is different than the expectedbell-shape of an un-attacked (i.e., generally Gaussian) digital good.

[0098] Some of the empirical characteristics that the exemplarycountermeasure may look for include:

[0099] a steep slope 370 with taped feet;

[0100] a crater 380 at the apex of the tower; and/or

[0101] a combination of both.

[0102] Estimated Attack-Amplification

[0103] Also, the location of the steep slope 370 may be used todetermine the estimated attack-amplification value α that the attackeris suspected of employing. This estimated α may be used to “undo” theattack using the exemplary countermeasure.

[0104] In addition, the exemplary countermeasure can make one or moreeducated estimate of the likely the attack-amplification value α. Sincethe attacker wants to maximize the perceptual quality of the attackeddigital good, the attacker is likely to select a minimumattack-amplification value α that effectively removes the watermark witha minimal degree of distortion.

[0105] Methodological Implementations of the Exemplary Countermeasure

[0106]FIG. 4 shows a methodological implementation of the exemplarycountermeasure. This methodological implementation may be performed insoftware, hardware, or a combination thereof.

[0107] At 410, the exemplary countermeasure receives an incoming digitalgood (e.g., signal). It is typically not known whether the digital goodhas been attacked. If it has not been attacked, this is the markeddigital good {tilde over (y)}. Otherwise, it is the attacked digitalgood {tilde over (z)}.

[0108] At 412, the exemplary countermeasure analyzes the digital good todetermine the likelihood that the digital good was subjected to anestimation-based attack. It analyzes one or more empiricalcharacteristics of the digital good. It may, for example, examine thePDF of the digital good to determine if it similar empiricalcharacteristics to the PDF of the attacked digital good shown in FIG. 3.

[0109] If it is determined that it is unlikely—based upon some thresholddetermination—that the digital good was attacked, then the processproceeds to watermark detection at 450. Otherwise, it proceeds to thenext block 414.

[0110] At 414, the exemplary countermeasure determines the estimatedattack-amplification value α (as illustrated in FIG. 3). The empiricalcharacteristics of the digital good itself may help in thisdetermination. In addition, the exemplary countermeasure may make an“educated estimate” of the likely attack-amplification value α basedupon knowing that the attacker wishes to minimize distortion.

[0111] At 416, the exemplary countermeasure employs an undo operator,such as that of Equation (1.5), on the digital good to effectively“undo” the estimation-based attack on the digital good and recover anapproximation of the original marked digital good. The resulting digitalgood, ũ, is sent to watermark detection at 450.

[0112] Other Implementation Details

[0113] Mathematically, the undo operator of the exemplary countermeasureis U(z_(i),α), where z_(i),α∈

, is according to “undo” operator of Equation (1.5). Given a digitalgood coefficient z_(i) created using an estimation-based attack asz_(i)=y_(i)−αsign(y_(i)), where y_(i) is a weighted sumy_(i)=x_(i)+δw_(i) of a normal zero-mean i.i.d. variable x_(i) and aspread-spectrum sequence chip w_(i) and α≧δ, optimal estimation u_(i) ofthe digital good y_(i) such that E[|u_(i)−y_(i)|] is minimal, is givenusing the undo operator u_(i)=U(z_(i),α).

[0114] Using this undo operator, the exemplary countermeasure largelycounteracts the effects of the attack and substantially retrieves thevalues of the original digital good: {tilde over(y)}:∀(y_(i)>2α),u_(i)=y_(i). In other words, the exemplarycountermeasure “undoes” the effect of the attack by “moving” selectedportions of the attacked digital good (pdf({tilde over (z)})) againstthe likely direction of the attack.

[0115] If one defines a subset Y(a,b)⊂{tilde over (y)} s.t. y_(i)∈Y(a,b)iff a<y_(i)<b. Since for a zero-mean Gaussian distribution of x_(i) andα>δ, |Y(0,α)|>|Y(−2α,−α)|, then u _(i) is the optimal estimation ofy_(i) based on a given z_(i) s.t. −α<z_(i)<0. Similarly, since|Y(−α,0)|>|Y(α,2α)|, u_(i) is an optimal estimation of y_(i) based onz_(i) s.t. 0<z_(i)<α.

[0116] The expected value for the correlation of the recovered ũ and{tilde over (w)} is:

E[ũ·{tilde over (w)}]=δ−α[erfc(a)−erfc(b)−erfc(c)+erfc(d)]  (1.6)

[0117] where${{where}\quad a} = {{\frac{\alpha - \delta}{\sigma_{x}\sqrt{2}},\quad b} = {{\frac{\alpha + \delta}{\sigma_{x}\sqrt{2}},\quad c} = {{\frac{{2\alpha} - \delta}{\sigma_{x}\sqrt{2}},\quad d} = {\frac{{2\alpha} + \delta}{\sigma_{x}\sqrt{2}}.}}}}$

[0118] The exemplary countermeasure to the estimation attack is unlikelyto recover the magnitudes of Y(−2α,−α)∪Y(α,2α) which got mixed withY(−α,0) ∪Y(0,α) during the attack. Those magnitudes are represented asthe overlap region 230 in FIG. 2C. The final correlation E[ũ, {tildeover (w)}] may be compensated as follows: E[ũ, {tilde over (w)}]=δ−C₁+C₂with: $\begin{matrix}{\left. {C_{1} = {{\int_{\alpha}^{2\alpha}{\left( {x - \delta} \right){f\left( {x - \delta} \right)}}} + {\left( {x + \delta} \right){f\left( {x + \delta} \right)}}}} \right\rbrack \quad {x}} \\{\left. {C_{2} = {{\int_{\alpha}^{2\alpha}{\left( {x - \delta - {2\alpha}} \right){f\left( {x - \delta} \right)}}} + {\left( {x + \delta - {2\alpha}} \right){f\left( {x + \delta} \right)}}}}\quad \right\rbrack {x}}\end{matrix}$

[0119] where f(x+c) is a function of the normal distribution centered atc with variance σ_(x) ², which results in Equation (1.6).

[0120] Exemplary Computing System and Environment

[0121]FIG. 5 illustrates an example of a suitable computing environment500 within which an exemplary countermeasure, as described herein, maybe implemented (either fully or partially). The computing environment500 may be utilized in the computer and network architectures describedherein.

[0122] The exemplary computing environment 500 is only one example of acomputing environment and is not intended to suggest any limitation asto the scope of use or functionality of the computer and networkarchitectures. Neither should the computing environment 500 beinterpreted as having any dependency or requirement relating to any oneor combination of components illustrated in the exemplary computingenvironment 500.

[0123] The exemplary countermeasure may be implemented with numerousother general purpose or special purpose computing system environmentsor configurations. Examples of well known computing systems,environments, and/or configurations that may be suitable for useinclude, but are not limited to, personal computers, server computers,thin clients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

[0124] The exemplary countermeasure may be described in the generalcontext of computer-executable instructions, such as program modules,being executed by a computer. Generally, program modules includeroutines, programs, objects, components, data structures, etc. thatperform particular tasks or implement particular abstract data types.The exemplary countermeasure may also be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

[0125] The computing environment 500 includes a general-purposecomputing device in the form of a computer 502. The components ofcomputer 902 may include, by are not limited to, one or more processorsor processing units 904, a system memory 506, and a system bus 508 thatcouples various system components including the processor 504 to thesystem memory 506.

[0126] The system bus 508 represents one or more of any of several typesof bus structures, including a memory bus or memory controller, aperipheral bus, an accelerated graphics port, and a processor or localbus using any of a variety of bus architectures. By way of example, sucharchitectures may include an Industry Standard Architecture (ISA) bus, aMicro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, aVideo Electronics Standards Association (VESA) local bus, and aPeripheral Component Interconnects (PCI) bus also known as a Mezzaninebus.

[0127] Computer 502 typically includes a variety of computer readablemedia. Such media may be any available media that is accessible bycomputer 502 and includes both volatile and non-volatile media,removable and non-removable media.

[0128] The system memory 506 includes computer readable media in theform of volatile memory, such as random access memory (RAM) 510, and/ornon-volatile memory, such as read only memory (ROM) 512. A basicinput/output system (BIOS) 514, containing the basic routines that helpto transfer information between elements within computer 502, such asduring start-up, is stored in ROM 512. RAM 510 typically contains dataand/or program modules that are immediately accessible to and/orpresently operated on by the processing unit 504.

[0129] Computer 502 may also include other removable/non-removable,volatile/non-volatile computer storage media. By way of example, FIG. 5illustrates a hard disk drive 516 for reading from and writing to anon-removable, non-volatile magnetic media (not shown), a magnetic diskdrive 518 for reading from and writing to a removable, non-volatilemagnetic disk 520 (e.g., a “floppy disk”), and an optical disk drive 522for reading from and/or writing to a removable, non-volatile opticaldisk 524 such as a CD-ROM, DVD-ROM, or other optical media. The harddisk drive 516, magnetic disk drive 518, and optical disk drive 522 areeach connected to the system bus 508 by one or more data mediainterfaces 526. Alternatively, the hard disk drive 516, magnetic diskdrive 518, and optical disk drive 522 may be connected to the system bus908 by one or more interfaces (not shown).

[0130] The disk drives and their associated computer-readable mediaprovide non-volatile storage of computer readable instructions, datastructures, program modules, and other data for computer 502. Althoughthe example illustrates a hard disk 516, a removable magnetic disk 520,and a removable optical disk 524, it is to be appreciated that othertypes of computer readable media which may store data that is accessibleby a computer, such as magnetic cassettes or other magnetic storagedevices, flash memory cards, CD-ROM, digital versatile disks (DVD) orother optical storage, random access memories (RAM), read only memories(ROM), electrically erasable programmable read-only memory (EEPROM), andthe like, may also be utilized to implement the exemplary computingsystem and environment.

[0131] Any number of program modules may be stored on the hard disk 516,magnetic disk 520, optical disk 524, ROM 512, and/or RAM 510, includingby way of example, an operating system 526, one or more applicationprograms 528, other program modules 530, and program data 532.

[0132] A user may enter commands and information into computer 502 viainput devices such as a keyboard 534 and a pointing device 536 (e.g., a“mouse”). Other input devices 538 (not shown specifically) may include amicrophone, joystick, game pad, satellite dish, serial port, scanner,and/or the like. These and other input devices are connected to theprocessing unit 504 via input/output interfaces 540 that are coupled tothe system bus 508, but may be connected by other interface and busstructures, such as a parallel port, game port, or a universal serialbus (USB).

[0133] A monitor 542 or other type of display device may also beconnected to the system bus 508 via an interface, such as a videoadapter 544. In addition to the monitor 542, other output peripheraldevices may include components such as speakers (not shown) and aprinter 546 which may be connected to computer 502 via the input/outputinterfaces 540.

[0134] Computer 502 may operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computingdevice 548. By way of example, the remote computing device 548 may be apersonal computer, portable computer, a server, a router, a networkcomputer, a peer device or other common network node, and the like. Theremote computing device 948 is illustrated as a portable computer thatmay include many or all of the elements and features described hereinrelative to computer 502.

[0135] Logical connections between computer 502 and the remote computer548 are depicted as a local area network (LAN) 550 and a general widearea network (WAN) 552. Such networking environments are commonplace inoffices, enterprise-wide computer networks, intranets, and the Internet.

[0136] When implemented in a LAN networking environment, the computer502 is connected to a local network 550 via a network interface oradapter 554. When implemented in a WAN networking environment, thecomputer 502 typically includes a modem 556 or other means forestablishing communications over the wide network 552. The modem 556,which may be internal or external to computer 502, may be connected tothe system bus 508 via the input/output interfaces 540 or otherappropriate mechanisms. It is to be appreciated that the illustratednetwork connections are exemplary and that other means of establishingcommunication link(s) between the computers 502 and 548 may be employed.

[0137] In a networked environment, such as that illustrated withcomputing environment 500, program modules depicted relative to thecomputer 502, or portions thereof, may be stored in a remote memorystorage device. By way of example, remote application programs 558reside on a memory device of remote computer 548. For purposes ofillustration, application programs and other executable programcomponents such as the operating system are illustrated herein asdiscrete blocks, although it is recognized that such programs andcomponents reside at various times in different storage components ofthe computing device 502, and are executed by the data processor(s) ofthe computer.

[0138] Computer-Executable Instructions

[0139] An implementation of an exemplary countermeasure may be describedin the general context of computer-executable instructions, such asprogram modules, executed by one or more computers or other devices.Generally, program modules include routines, programs, objects,components, data structures, etc. that perform particular tasks orimplement particular abstract data types. Typically, the functionalityof the program modules may be combined or distributed as desired invarious embodiments.

[0140] Exemplary Operating Environment

[0141]FIG. 5 illustrates an example of a suitable operating environment500 in which an exemplary countermeasure may be implemented.Specifically, the exemplary countermeasure(s) described herein may beimplemented (wholly or in part) by any program modules 528-530 and/oroperating system 526 in FIG. 5 or a portion thereof.

[0142] The operating environment is only an example of a suitableoperating environment and is not intended to suggest any limitation asto the scope or use of functionality of the exemplary countermeasure(s)described herein. Other well known computing systems, environments,and/or configurations that are suitable for use include, but are notlimited to, personal computers (PCs), server computers, hand-held orlaptop devices, multiprocessor systems, microprocessor-based systems,programmable consumer electronics, wireless phones and equipments,general- and special-purpose appliances, application-specific integratedcircuits (ASICs), network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

[0143] Computer Readable Media

[0144] An implementation of an exemplary countermeasure may be stored onor transmitted across some form of computer readable media. Computerreadable media may be any available media that may be accessed by acomputer. By way of example, and not limitation, computer readable mediamay comprise “computer storage media” and “communications media.”

[0145] “Computer storage media” include volatile and non-volatile,removable and non-removable media implemented in any method ortechnology for storage of information such as computer readableinstructions, data structures, program modules, or other data. Computerstorage media includes, but is not limited to, RAM, ROM, EEPROM, flashmemory or other memory technology, CD-ROM, digital versatile disks (DVD)or other optical storage, magnetic cassettes, magnetic tape, magneticdisk storage or other magnetic storage devices, or any other mediumwhich may be used to store the desired information and which may beaccessed by a computer.

[0146] “Communication media” typically embodies computer readableinstructions, data structures, program modules, or other data in amodulated data signal, such as carrier wave or other transportmechanism. Communication media also includes any information deliverymedia.

[0147] The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared, and other wireless media. Combinations of any of the above arealso included within the scope of computer readable media.

CONCLUSION

[0148] Although the invention has been described in language specific tostructural features and/or methodological steps, it is to be understoodthat the invention defined in the appended claims is not necessarilylimited to the specific features or steps described. Rather, thespecific features and steps are disclosed as preferred forms ofimplementing the claimed invention.

1. A computer-readable medium having computer-executable instructionsthat, when executed by a computer, performs a method facilitating awatermark estimation-based attack countermeasure, the method comprising:obtaining a digital good; analyzing the digital good to determinewhether such digital good was subjected to a watermark estimation-basedattack; determining an estimated attack-amplification value α likelyemployed by a watermark estimation-based attack on the digital good;producing an approximation of the digital good before it was subjectedto the watermark estimation-based attack.
 2. A medium as recited inclaim 1 further comprising providing the approximated pre-attack digitalgood for watermark detection.
 3. A medium as recited in claim 1, whereinthe producing comprises: identifying portions of a probabilitydistribution function (PDF) of the digital good that are likely toremain unchanged after the watermark estimation-based attack on thedigital good; shifting the identified portions of a PDF of the digitalgood by the estimated attack-amplification value α; determiningremainder of the PDF between the portions.
 4. A medium as recited inclaim 1, wherein the digital good is a signal.
 5. A device comprising acomputer-readable medium as recited in claim
 1. 6. A computer-readablemedium having computer-executable instructions that, when executed by acomputer, performs a method facilitating a watermark estimation-basedattack countermeasure, the method comprising: obtaining a digital good;producing an approximation of the digital good before it was subjectedto the watermark estimation-based attack.
 7. A medium as recited inclaim 6 further comprising analyzing the digital good to determinewhether such digital good was subjected to a watermark estimation-basedattack.
 8. A medium as recited in claim 6 further comprising determiningan estimated attack-amplification value α.
 9. A medium as recited inclaim 6 further comprising determining an estimated attack-amplificationvalue α likely employed by a watermark estimation-based attack on thedigital good.
 10. A medium as recited in claim 6, wherein the producingcomprises: identifying portions of a probability distribution function(PDF) of the digital good that are likely to remain unchanged after thewatermark estimation-based attack on the digital good; shifting theidentified portions of a PDF of the digital good by the estimatedattack-amplification value α; determining remainder of the PDF betweenthe portions.
 11. A medium as recited in claim 6 further comprisingproviding the approximated pre-attack digital good for watermarkdetection.
 12. A medium as recited in claim 6, wherein the digital goodis a signal.
 13. A device comprising a computer-readable medium asrecited in claim
 6. 14. A method facilitating a watermarkestimation-based attack countermeasure, the method comprising: obtaininga digital good; producing an approximation of the digital good before itwas subjected to the watermark estimation-based attack.
 15. A method asrecited in claim 14 further comprising analyzing the digital good todetermine whether such digital good was subjected to a watermarkestimation-based attack.
 16. A method as recited in claim 14 furthercomprising determining an estimated attack-amplification value α.
 17. Amethod as recited in claim 14 further comprising determining anestimated attack-amplification value α likely employed by a watermarkestimation-based attack on the digital good.
 18. A method as recited inclaim 14, wherein the producing comprises: identifying portions of aprobability distribution function (PDF) of the digital good that arelikely to remain unchanged after the watermark estimation-based attackon the digital good; shifting the identified portions of a PDF of thedigital good by the estimated attack-amplification value α; determiningremainder of the PDF between the portions.
 19. A method as recited inclaim 14 further comprising providing the approximated pre-attackdigital good for watermark detection.
 20. A method as recited in claim14, wherein the digital good is a signal.
 21. A watermark detectionsystem comprising: a memory comprising a set of computer programinstructions; and a processor coupled to the memory, the processor beingconfigured to execute the computer program instructions facilitating awatermark estimation-based attack countermeasure, such instructionscomprising: obtaining a digital good; producing an approximation of thedigital good before it was subjected to the watermark estimation-basedattack.
 22. A system as recited in claim 21, wherein the instructionsfurther comprise analyzing the digital good to determine whether suchdigital good was subjected to a watermark estimation-based attack.
 23. Asystem as recited in claim 21, wherein the instructions further comprisedetermining an estimated attack-amplification value α likely employed bya watermark estimation-based attack on the digital good.
 24. A system asrecited in claim 21, wherein the instructions further comprise providingthe approximated pre-attack digital good for watermark detection.
 25. Asystem as recited in claim 21, wherein the digital good is a signal.